SSI injection is a form of attack that can be used to compromise Web sites that contain SSI (server-side include) statements. An SSI is a variable value such as a "Last modified" date that a server can place in an HTML file. Before sending the file to the requestor, the server searches the file for CGI (common gateway interface) environment variables and inserts the appropriate values in the places where "include" statements appear. In SSI injection, the variable values are modified by an external hacker. This can allow the hacker to add, alter or delete HTML files on the server. It can also make it possible for the hacker to gain access to server resources.

Download this free guide

The Benefits of a DevOps Approach

Bringing development and IT ops together can help you address many app deployment challenges. Our expert guide highlights the benefits of a DevOps approach. Explore how you can successfully integrate your teams to improve collaboration, streamline testing, and more.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

According to security experts, the main reason that SSI injection and similar exploits are on the rise is the fact that application security is not sufficiently emphasized in software development. To protect the integrity of Web sites and applications, experts recommend the implementation of simple precautions during development, such as controlling the types and numbers of characters that are accepted by Web servers from users.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy